Chapter 4 Characters and Gauss Sums

Chapter 4

Characters and Gauss sums

4.1 Characters on ﬁnite abelian groups

In what follows, abelian groups are multiplicatively written, and the unit element of an abelian group A is denoted by 1 or 1A. We denote the order (number of elements) of A by |A|. Let A be a ﬁnite abelian group. A character on A is a group homomorphism χ : A → C∗ (i.e., C \{0} with multiplication). n n If |A| = n then a = 1A, hence χ(a) = 1 for each a ∈ A and each character on A. Therefore, a character on A maps A to the roots of unity.

The product χ1χ2 of two characters χ1, χ2 on A is deﬁned by (χ1χ2)(a) = χ1(a)χ2(a) for a ∈ A. With this product, the characters on A form an abelian group, the so-called character group of A, which we denote by Ab. The unit element (A) of Ab is the trivial character χ0 that maps A to 1. Since any character on A maps A to the roots of unity, the inverse χ−1 : a 7→ χ(a)−1 of a character χ is equal to its complex conjugate χ : a 7→ χ(a).

Lemma 4.1. Let A be a cyclic group of order n. Then Ab is also a cyclic group of order n.

Proof. Let A =< a >= {1, a, a2, . . . , an−1} and an = 1. Choose a primitive n-th k k root of unity ρ1. Then χ1 given by χ1(a ) = ρ1 for k ∈ Z deﬁnes a character on A.

71 j n Further, χ1 (j = 0, . . . , n − 1) deﬁne diﬀerent characters on A, and χ1 is the trivial (A) character χ0 . n j Conversely, let χ ∈ Ab be arbitrary. Then χ(a) = 1, hence χ(a) = ρ1 for some j integer j, and so χ = χ1. It follows that Ab =< χ1 > is a cyclic group of order n. Lemma 4.2. Let the abelian group A be a direct product of cyclic groups of orders n1, n2, . . . , nr. Then Ab is also a direct product of cyclic groups of orders n1, n2, . . . , nr.

Proof. By assumption, A is the direct product of cyclic groups < g1 >, . . . , < gr > of orders n1, . . . , nr. This means that

k1 kr A =< g1 > × · · · × < gr >= {g1 ··· gr : ki ∈ Z},

k1 kr where g1 ··· gr = 1 if and only if ki ≡ 0 (mod ni) for i = 1, . . . , r.

ni Clearly, for any roots of unity ρi with ρi = 1 for i = 1, . . . , r, there is a unique character χ ∈ Ab with χ(gi) = ρi for i = 1, . . . , r. Now for i = 1, . . . , r let ρi be a primitive ni-th root of unity, and deﬁne the character χi by

χi(gi) = ρi, χi(gj) = 1 for j 6= i.

Clearly, χi has order ni in Ab. One easily shows that for any χ ∈ Ab, there are Qr ki Qr ki (A) k1, . . . , kr ∈ Z such that χ = i=1 χi , and moreover, that if i=1 χi = χ0 for some ki ∈ Z, then ki ≡ 0 (mod ni) for i = 1, . . . , r, by evaluating the identities at g1, . . . , gr. Hence Ab =< χ1 > × · · · × < χr > . This proves our Lemma.

Proposition 4.3. Every ﬁnite abelian group is isomorphic to a direct product of cyclic groups.

Proof. See S. Lang, Algebra, Chap.1, §10.

Theorem 4.4. Let A be a ﬁnite abelian group. Then there exists an isomorphism from A to Ab. In particular, |Ab| = |A|.

Proof. Obvious from Lemma 4.2 and Proposition 4.3.

72 Remark. The isomorphism in Theorem 4.4 is non-canonical, i.e., it ’depends on 0 0 a choice.’ For we have A = Cn1 × · · · × Cnr and Ab = Cn1 × · · · × Cnr , where C ,C0 denote cyclic groups of order n , for i = 1, . . . , r. We can now establish an ni ni i isomorphism from A to A by mapping a generator of C to a generator of C0 , for b ni ni i = 1, . . . , r. Of course, this isomorphism depends on the choices of the generators. Let A be a finite abelian group. For a subgroup H of A, we define H⊥ := {χ ∈ Ab : χ(H) = 1} = {χ ∈ Ab : χ(a) = 1 for a ∈ H}. Any homomorphism of abelian groups ϕ : A → B defines a homomorphism between the character groups in the reverse direction, ϕ∗ : Bb → Ab : χ 7→ χ ◦ ϕ. Theorem 4.5. Let ϕ : A → B be a surjective homomorphism of abelian groups. Then ϕ∗ : Bb → Ab is injective, and ϕ∗(Bb) = (Ker ϕ)⊥. In particular, if ϕ is an isomorphism from A to B, then ϕ∗ is an isomorphism from Bb to Ab.

∗ ∗ (A) Proof. We prove that ϕ is injective. Let χ ∈ Ker ϕ , i.e., χ ◦ ϕ = χ0 . Let b ∈ B (B) and choose a ∈ A with ϕ(a) = b. Then χ(b) = χ(ϕ(a)) = 1. Hence χ = χ0 . As for the image, let H := Ker ϕ. If χ = ϕ∗χ0 for some χ0 ∈ Bb, then for a ∈ H we have χ(a) = χ0(ϕ(a)) = 1, ⊥ ⊥ hence χ ∈ H . Conversely, if χ ∈ H , then χ(a1) = χ(a2) for any two a1, a2 with 0 ϕ(a1) = ϕ(a2). Hence χ : b 7→ χ(a) for any a ∈ A with ϕ(a) = b gives a well-deﬁned character on B with χ = ϕ∗ϕ0. So χ ∈ ϕ∗(Bb). It follows that ϕ∗(Bb) = H. Corollary 4.6. Let A be a ﬁnite abelian group, and a ∈ A with a 6= 1. Then there is χ ∈ Ab with χ(a) 6= 1.

Proof. Let B := A/ < a > and let ϕ : A → B be the canonical homomorphism. Then by the previous Theorem, ϕ∗ establishes an isomorphism from Bb to < a >⊥= {χ ∈ Ab : χ(a) = 1}. Hence | < a >⊥ | = |Bb| = |B| = |A|/| < a > | < |A|. This shows that there is χ ∈ Ab with χ(a) 6= 1.

73 For a ﬁnite abelian group A, let Ab denote the character group of Ab. Each element a ∈ A gives rise to a character ba on Ab, given by ba(χ) := χ(a). b Theorem 4.7 (Duality). a 7→ ba deﬁnes a canonical isomorphism from A to Ab.

Proof. The map ϕ : a 7→ ba obviously deﬁnes a group homomorphism from A to b Ab. We show that it is injective. Let a ∈ Ker(ϕ); then ba(χ) = 1 for all χ ∈ Ab, i.e., χ(a) = 1 for all χ ∈ Ab, which by the previous Corollary implies that a = 1. So indeed, ϕ is injective. But then ϕ is surjective as well, since by Theorem 4.4, |Ab| = |Ab| = |A|. Hence ϕ is an isomorphism. Theorem 4.8 (Orthogonality relations). Let A be a ﬁnite abelian group.

(i) For χ1, χ2 ∈ Ab we have X |A| if χ1 = χ2; χ1(a)χ2(a) = 0 if χ1 6= χ2. a∈A (ii) For a, b ∈ A we have

X |A| if a = b; χ(a)χ(b) = 0 if a 6= b. χ∈Ab

−1 −1 Proof. (i) Let χ = χ1χ2 . Then χ1(a)χ2(a) = χ1(a)χ2(a) = χ(a), hence the left-hand side is equal to X S := χ(a). a∈A

Clearly, if χ1 = χ2 then χ(a) = 1 for all a ∈ A, hence S = |A|. Suppose that χ1 6= χ2. Then χ is not the trivial character, hence there is c ∈ A with χ(c) 6= 1. Now X X χ(c)S = χ(ac) = χ(a) = S, a∈A a∈A hence S = 0. (ii) Apply (i) with Ab instead of A. Then by Theorem 4.7 we get for a, b ∈ A, ( X X |Ab| = |A| if a = b, χ(a)χ(b) = a(χ)b(χ) = b 0 if a 6= b. χ∈Ab χ∈Ab

74 4.2 Dirichlet characters

Let q ∈ Z>2. Denote the residue class of a mod q by a. Recall that the prime residue classes mod q,(Z/qZ)∗ = {a : gcd(a, q) = 1} form a group of order ϕ(q) ∗ under multiplication of residue classes. We can lift any character χe on (Z/qZ) to a map χ : Z → C by setting χ(a) if gcd(a, q) = 1; χ(a) := e 0 if gcd(a, q) > 1.

Notice that χ has the following properties: (i) χ(1) = 1; (ii) χ(ab) = χ(a)χ(b) for a, b ∈ Z; (iii) χ(a) = χ(b) if a ≡ b (mod q); (iv) χ(a) = 0 if gcd(a, q) > 1.

Any map χ : Z → C with properties (i)–(iv) is called a (Dirichlet) character modulo ∗ q. Conversely, from a character mod q χ one easily obtains a character χe on (Z/qZ) by setting χe(a) := χ(a) for a ∈ Z with gcd(a, q) = 1.

Let G(q) be the set of characters modulo q. We deﬁne the product χ1χ2 of χ1, χ2 ∈ G(q) by (χ1χ2)(a) = χ1(a)χ2(a) for a ∈ Z. With this operation, G(q) becomes a group, with unit element the principal character modulo q given by

1 if gcd(a, q) = 1; χ(q)(a) = 0 0 if gcd(a, q) > 1.

The inverse of χ ∈ G(q) is its complex conjugate

χ : a 7→ χ(a).

It is clear, that this makes G(q) into a group that is isomorphic to the character group of (Z/qZ)∗. One of the advantages of viewing characters as maps from Z to C is that this allows to multiply characters of diﬀerent moduli: if χ1 is a character mod q1 and χ2 a character mod q2, their product χ1χ2 is a character mod lcm(q1, q2). We can easily translate the orthogonality relations for characters of (Z/qZ)∗ into orthogonality relations for Dirichlet characters modulo q. Recall that a complete

75 residue system modulo q is a set, consisting of precisely one integer from every residue class modulo q, e.g., {3, 5, 11, 22, 104} is a complete residue system modulo 5.

Theorem 4.9. Let q ∈ Z>2, and let Sq be a complete residue system modulo q.

(i) Let χ1, χ2 ∈ G(q). Then X ϕ(q) if χ1 = χ2; χ1(a)χ2(a) = 0 if χ1 6= χ2. a∈Sq

(ii) Let a, b ∈ Z. Then  ϕ(q) if gcd(ab, q) = 1, a ≡ b (mod q); X  χ(a)χ(b) = 0 if gcd(ab, q) = 1, a 6≡ b (mod q); χ∈G(q)  0 if gcd(ab, q) > 1.

Proof. Exercise.

Let χ be a character mod q and d a positive divisor of q.

We say that q is induced by a character χ0 mod d if χ(a) = χ0(a) for every a ∈ Z 0 0 (q) with gcd(a, q) = 1. Equivalently stated, χ is induced by χ if χ = χ χ0 . Notice that if gcd(a, d) = 1 and gcd(a, q) > 1, then χ0(a) 6= 0 but χ(a) = 0. The character χ is called primitive if it is not induced by a character mod d for any divisor d < q of q.

The conductor fχ of a χ is the gcd of all divisors d of q such that χ is induced (1) by a character modulo d. If we allow the character mod 1, given by χ0 (a) = 1 for a ∈ Z, we see that for q > 2 the principal character mod q has conductor 1. The next lemma gives a method to verify if a character χ is induced by a character mod d.

Theorem 4.10. Let χ be a character mod q, and d a divisor of q. Then the following assertions are equivalent: (i) χ(a) = 1 for all a ∈ Z with a ≡ 1 (mod d) and gcd(a, q) = 1; (ii) χ is induced by a character mod d. Moreover, if (ii) holds, the character mod d by which χ is induced is uniquely deter- mined.

76 Proof. We ﬁrst observe that if a is an integer coprime with d then there is an integer b with b ≡ a (mod d) such that b is coprime with q. Indeed, write q = q1q2, where q1 is composed of the primes occurring in the factorization of d, and where q2 is composed of primes not dividing d. By the Chinese Remainder Theorem, there is b ∈ Z with b ≡ a (mod d), b ≡ 1 (mod q2).

This integer b is coprime with d, hence with q1, and also coprime with q2, so it is coprime with q. The remaining part of the proof is a simple application of Theorem 4.5. Our above observation implies that

∗ ∗ ϕd :(Z/qZ) → (Z/dZ) : a(mod q) 7→ a(mod d) is a surjective homomorphism. The kernel of ϕd is

∗ Hd := {a(mod q) ∈ (Z/qZ) : a ≡ 1 (mod d)}.

0 0 ∗ 0 Now χ is induced by a character χ mod d if and only if χe = χe ◦ ϕd = ϕdχe , where χe is the character on (Z/qZ)∗ corresponding to χ, and χe0 is the character on (Z/dZ)∗ corresponding to χ0. By Theorem 4.5, such a character χe0 exists, and if it does is unique, if and only if χe(Hd) = 1. But this is precisely the equivalence (i)⇐⇒(ii) in another language.

Theorem 4.11. Let χ be a character mod q. Suppose χ is induced by a character mod d1 and by a character mod d2. Then χ is induced by a character mod gcd(d1, d2).

We need the following lemma.

Lemma 4.12. Let d = gcd(d1, d2). Let a be an integer with gcd(a, q) = 1 and a ≡ 1 (mod d). Then there are integers u, v such that a = 1 + ud1 + vd2 and gcd(1 + ud1, q) = 1.

Proof. Write q = q1q2, where q1 is composed of primes dividing d2, and q2 is composed of primes not dividing d2. Then gcd(q2d1, d2) = d. There are integers t, x, y such that a = 1 + td and d = xq2d1 + yd2. This implies

a = 1 + txq2d1 + tyd2 = 1 + ud1 + vd2 with u = txq2, v = ty.

77 It is clear that 1 + ud1 is coprime with q2. Further, it is coprime with d2, since

1 + ud1 = a − vd2, and since a is coprime with q, hence with d2. So 1 + ud1 is coprime with q1. It follows that 1 + ud1 is coprime with q1q2 = q.

Proof of Theorem 4.11. Let a be any integer with gcd(a, q) = 1 and a ≡ 1 (mod d).

Choose integers u, v such that a = 1 + ud1 + vd2 and gcd(1 + ud1, q) = 1. Using subsequently that χ is induced by characters mod d2, d1, it follows that

χ(a) = χ(1 + ud1) = χ(1) = 1.

Now by Theorem 4.10, χ is induced by a character mod d. Corollary 4.13. Let χ be a character mod q. Then there is a unique character mod fχ that induces χ.

Proof. Obvious.

The orthogonality relations in Theorem 4.9 will play a crucial role in the proof of the Prime Number Theorem for arithmetic progressions. Theorem 4.9 is in fact the special case A = (Z/qZ)∗ of Theorem 4.8, and in the proof of this last theorem, we used a rather involved result from algebra, which we stated without proof, that is, that every ﬁnite abelian group is a direct product of cyclic groups.

For the orthogonality relations in Theorem 4.9 we need only that (Z/qZ)∗ is a direct product of cyclic groups. This is an easy consequence of the result below. We denote by a the residue class a (mod q), if from the context it is clear which integer q we are considering.

k1 kt Theorem 4.14. (i) Let q = p1 ··· pt , where the pi are distinct primes and the ki positive integers. Then

∗ ∼ k1 ∗ kt ∗ (Z/qZ) = (Z/p1 Z) × · · · × (Z/pt Z) .

k ∗ k−1 (ii) Let p be a prime > 3. Then (Z/p Z) is cyclic of order p (p − 1). (iii) (Z/4Z)∗ is cyclic of order 2. k ∗ Further, if k > 3 then (Z/2 Z) =< −1 > × < 5 > is the direct product of a cyclic group of order 2 and a cyclic group of order 2k−2.

78 We skip the proof of (i) and the proof of the case k = 1 of (ii), which belong to a basic algebra course. For the proof of the remaining parts, we need a lemma.

For a prime number p, and for a ∈ Z \{0}, we denote by ordp(a) the largest integer k such that pk divides a.

Lemma 4.15. Let p be a prime number and a an integer such that ordp(a − 1) > 1 if p > 3 and ordp(a − 1) > 2 if p = 2. Then

pk ordp(a − 1) = ordp(a − 1) + k.

Proof. We prove the assertion only for k = 1; then the general statement follows t easily by induction on k. Our assumption on a implies that a = 1 + p b, where t > 1 if p > 3, t > 2 if p = 2, and where b is an integer not divisible by p. Now by the binomial formula,

k X p ap − 1 = (ptb)j = pt+1bj + pt+2(··· ). j j=1

p Here we have used that all binomial coeﬃcients j are divisible by p except the last. But the last term (ptb)p is divisible by ppt, and the exponent pt is larger than t + 1 (the assumption t > 2 for p = 2 is needed to ensure this). This shows that p ordp(a − 1) = t + 1.

Proof of Theorem 4.14. (ii) We take for granted that (Z/pZ)∗ is cyclic of order p−1, k ∗ and assume that k > 2. We construct a generator for (Z/p Z) . Let g be an integer such that g (mod p) is a generator of (Z/pZ)∗. We show that we can choose g such p−1 p−1 that ordp(g − 1) = 1. Indeed, assume that ordp(g − 1) > 2 and take g + p. Then

p−1 X p − 1 (g + p)p−1 − 1 = gp−1−jpj = (p − 1)gp−2p + p2(··· ) j j=1 = = −gp−2p + p2(··· )

p−1 hence ordp((g + p) − 1) = 1. So, replacing g by g + p if need be, we get an integer ∗ p−1 g such that g (mod p) generates (Z/pZ) and ordp(g − 1) = 1. We show that g := g (mod pk) generates (Z/pkZ)∗. Let n be he order of g in (Z/pkZ)∗; that is, n is the smallest positive integer with gn ≡ 1 (mod pk). On the

79 one hand, gn ≡ 1 (mod p), hence p − 1 divides n. On the other hand, n divides the k ∗ k−1 s order of (Z/p Z) , that is, p (p − 1). So n = p (p − 1) with s 6 k − 1. By Lemma 4.15 we have n p−1 ordp(g − 1) = ordp(g − 1) + s = s + 1. This has to be equal to k, so s = k − 1. Hence n = pk−1(p − 1) is equal to the order of (Z/pkZ)∗. It follows that (Z/pkZ)∗ =< g >. (iii) Assume that k > 3. Deﬁne the subgroup of index 2,

k ∗ H := {a ∈ (Z/2 Z) : a ≡ 1 (mod 4)}.

Then k ∗ k (Z/2 Z) = H ∪ (−H) = {(−1) a : k ∈ {0, 1}, a ∈ H} and (−1)ka = 1 if and only if k = 0 and a = 1. Hence (Z/2kZ)∗ =< −1 > ×H. Similarly as above, one shows that H is cyclic of order 2k−2, and that H =< 5 >.

4.3 Gauss sums

Let q ∈ Z>2. For a character χ mod q and for b ∈ Z, we deﬁne the Gauss sum X τ(b, χ) := χ(x)e2πibx/q,

x∈Sq where Sq is a full system of representatives modulo q. This does not depend on the choice of Sq. Gauss sums occur for instance in functional equations for L-functions P∞ −s L(s, χ) = n=1 χ(n)n (later). We prove some basic properties for Gauss sums.

Theorem 4.16. Let q ∈ Z>2 and let χ be a character mod q. Further, let b ∈ Z. (i) If gcd(b, q) = 1, then τ(b, χ) = χ(b) · τ(1, χ). (ii) If gcd(b, q) > 1 and χ is primitive, then τ(b, χ) = χ(b) · τ(1, χ) = 0.

Proof. (i) Suppose gcd(b, q) = 1. If x runs through a complete residue system Sq 0 mod q, then bx runs to another complete residue system Sq mod q. Write y = bx.

80 Then χ(y) = χ(b)χ(x), hence χ(x) = χ(b)χ(y). Therefore,

X X τ(b, χ) = χ(x)e2πibx/q = χ(b)χ(y)e2πiy/q 0 x∈Sq y∈Sq = χ(b)τ(1, χ).

(ii) We use the following observation: if q1 is any divisor of q with 1 6 q1 6 q, then there is c ∈ Z such that c ≡ 1 (mod q1), gcd(c, q) = 1, and χ(c) 6= 1. Indeed, this is obvious if q1 = q. If q1 < q, then Theorem 4.10 implies that if there is no such integer c then χ is induced by a character mod q1, contrary to our assumption that χ is primitive.

Now let d := gcd(b, q), put b1 := b/d, q1 := q/d, and choose c according to the observation. Then X χ(c)τ(b, χ) = χ(cx)e2πibx/q.

x∈Sq

If x runs through a complete residue system Sq mod q, then y := cx runs through 0 another complete residue system Sq mod q. Further, since c ≡ 1 (mod q1) we have

e2πixb/q = e2πixb1/q1 = e2πicxb1/q1 = e2πiyb/q.

Hence X χ(c)τ(b, χ) = χ(y)e2πiby/q = τ(b, χ).

y∈Sq

Since χ(c) 6= 1 this implies that τ(b, χ) = 0.

Theorem 4.17. Let q ∈ Z>2 and let χ be a primitive character mod q. Then

√ |τ(1, χ)| = q.

81 Proof. We have by Theorem 4.16,

q−1 X |τ(1, χ)|2 = τ(1, χ) · τ(1, χ) = χ(x)e−2πix/qτ(1, χ) x=0

q−1 q−1 q−1 ! X X X = e−2πix/qτ(x, χ) = e−2πix/q χ(y)e2πixy/q x=0 x=0 y=0

q−1 q−1 ! X X = χ(y)e2πix(y−1)/q x=0 y=0

q−1 q−1 ! q−1 X X X = χ(y) e2πix(y−1)/q = χ(y)S(y), say. y=0 x=0 y=0

Pq−1 If y = 1, then S(y) = x=0 1 = q, while if y 6= 1, then

e2πi(y−1) − 1 S(y) = = 0. e2πi(y−1)/q − 1

Hence |τ(1, χ)|2 = χ(1)q = q.

√ Remark. Theorem 4.17 implies that εχ := τ(1, χ)/ q lies on the unit circle. Gauss gave a simple expression for εχ in the case that εχ is a primitive real character mod q, i.e., χ(a) ∈ {±1} if gcd(a, q) = 1. There is no general method known to compute

εχ for non-real characters χ modulo large values of q.

4.4 Quadratic reciprocity

For the interested reader, we give a proof of Gauss’ Quadratic Reciprocity Theorem using Gauss sums. This section requires a little bit more algebraic background.

Let p > 2 be a prime number. For a ∈ Z, we deﬁne the Legendre symbol

 1 if x2 ≡ a (mod p) is solvable in x ∈ and p a; a  Z - := −1 if x2 ≡ a (mod p) is not solvable in x ∈ ; p Z  0 if p|a.

82 · Lemma 4.18. p is a character mod p, and a ≡ a(p−1)/2 (mod p) for a ∈ . p Z

Proof. The group (Z/pZ)∗ is cyclic of order p − 1. Let g(mod p) be a generator of this group, and take a ∈ Z with gcd(a, p) = 1. Then there is t ∈ Z such that a ≡ gt (mod p). Now clearly, x2 ≡ a (mod p) is solvable in x ∈ Z if and only if t is a t · even. Hence p = (−1) . This implies that p is a character mod p. Note that (g(p−1)/2)2 ≡ 1 (mod p), hence g(p−1)/2 ≡ ±1 (mod p). But g(p−1)/2 6≡ 1 (mod p) since g (mod p) is a generator of (Z/pZ)∗. Hence g(p−1)/2 ≡ −1 (mod p). It follows that a a(p−1)/2 ≡ (−1)t ≡ (mod p). p

Gauss’ Quadratic Reciprocity Theorem is as follows: Theorem 4.19. Let p, q be distinct primes > 2. Then pq −1 if p ≡ q ≡ 3 (mod 4), = (−1)(p−1)(q−1)/4 = q p 1 otherwise.

We ﬁrst make some preparations and then prove some lemmas.

Let Q[X] denote the ring of polynomials with coefficients in Q. A number α ∈ C is called algebraic if there is a non-zero polynomial f ∈ Q[X] such that f(α) = 0. Among all non-zero polynomials from Q[X] having α as a zero, we choose one of minimal degree. By multiplying such a polynomial with a suitable constant, we obtain one which is monic, i.e., of which the coefficient of the highest power of X is 1. There is only one monic polynomial in Q[X] of minimal degree having α as a zero, for if there were two, their difference would give a non-zero polynomial in Q[X] of smaller degree having α as a zero. This unique monic polynomial in Q[X] of minimal degree having α as a zero is called the minimal polynomial of α, denoted by fα.

We observe that fα must be irreducible in Q[X], that is, not a product of two non-constant polynomials from Q[X]. For otherwise, α would be a zero of one of these polynomials, which has degree smaller than that of fα.

83 2πi/q Let q be a prime number > 2. We write ζq := e . Deﬁne

( r ) X i Rq := Z[ζq] = aiζq : ai ∈ Z, r > 0 . i=0 This set is closed under addition and multiplication, hence it is a ring.

Lemma 4.20. Rq ∩ Q = Z.

q Proof. We use without proof, that the minimal polynomial of ζq is (X −1)/(X−1) = q−1 q−1 Pq−2 j X + ··· + X + 1. Hence ζq = − j=0 ζq . By repeatedly substituting this into Pr i Pq−2 j an expression i=0 aiζq with ai ∈ Z, we eventually get an expression j=0 bjζq with bj ∈ Z for all j. Hence all elements of Rq can be expressed in this form. Now if α ∈ Rq ∩ Q, we get q−2 X j α = bjζq j=0 with α ∈ Q and bj ∈ Z for all j. This implies that ζq is a zero of the polynomial q−2 bq−2X + ··· + b0 − α. Since the minimal polynomial of ζq has degree q − 1, this is possible only if b0 = α and b1 = ··· = bq−2 = 0. Hence α ∈ Z.

Given α, β ∈ Rq and n ∈ Z>0, we write α ≡ β (mod n) in Rq if (α − β)/n ∈ Rq. Further, we write α ≡ β (mod n) in Z if (α − β)/n ∈ Z. By the Lemma we just proved, for α, β ∈ Z we have that α ≡ β (mod n) in Rq if and only if α ≡ β (mod n) in Z.

Lemma 4.21. Let p be any prime number. Then for α1, . . . , αr ∈ Rq we have

p p p (α1 + ··· + αr) ≡ α1 + ··· + αr (mod p) in Rq.

Proof. By the multinomial theorem,

p X p! i1 ir (α1 + ··· + αr) = α1 ··· αr . i1! ··· ir! i1+···+ir=p

All multinomial coeﬃcients are divisible by p, except those where one index ij = p and the others are 0.

· For notational convenience we write χq for q . We now invoke Gauss sums.

84 2 (q−1)/2 Lemma 4.22. τ(1, χq) = (−1) q.

Proof. The proof is almost the same as that of Theorem 4.17. The character χq is (q) primitive, since q is a prime and χq 6= χ0 . Using Theorem 4.16 we have, since χq is a real character,

q−1 q−1 2 X 2πix/q X 2πix/q τ(1, χq) = χq(x)e τ(1, χq) = e τ(x, χq). x=0 x=0 The same reasoning as in the proof of Theorem 4.17, but with e2πix/q instead of e−2πix/q gives

q−1 q−1 ! q−1 2 X X 2πix(y+1)/q X 0 τ(1, χq) = χ(y) e = χ(y)S (y), y=0 x=0 y=0 where S0(y) = q if y = −1, and S0(y) = 0 otherwise. Hence

2 (q−1)/2 τ(1, χq) = χq(−1) · q = (−1) q.

Proof of Theorem 4.19. We work in the ring Rq. Notice that by Lemma 4.21 and Theorem 4.16,

q−1 q−1 X X p τ(1, χ )p ≡ χ (x)pζpx ≡ χ (x)ζpx ≡ τ(p, χ ) ≡ τ(1, χ ) (mod p) in R . q q q q q q q q q x=0 x=0

On multiplying with τ(1, χq) and applying Lemma 4.22, we obtain p τ(1, χ )p+1 ≡ (−1)(q−1)/2q · (mod p) in R . q q q On the other hand, by Lemmas 4.22, 4.20,

p+1 (q−1)(p+1)/4 (p+1)/2 (q−1)/2 (q−1)(p−1)/4 (p−1)/2 τ(1, χq) = (−1) q = (−1) q · (−1) q q ≡ (−1)(q−1)/2q · (−1)(p−1)(q−1)/4 (mod p) in R . p q As a consequence, p q (−1)(q−1)/2q · ≡ (−1)(q−1)/2q · (−1)(q−1)(p−1)/4 (mod p) in . q p Z

85 Since q is coprime with p, this gives p q ≡ (−1)(p−1)(q−1)/4 (mod p) in . q p Z Since integers equal to ±1 can be congruent modulo p only if they are equal, this implies Theorem 4.19.

We ﬁnish with the following result.

Theorem 4.23. Let p be a prime > 2. Then

2 1 if p ≡ ±1 (mod 8), = p −1 if p ≡ ±3 (mod 8).

Proof. Exercise.

You have to follow the proof given above, but instead of Rq, χq, you have to use the 2πi/8 ring R8 = Z[ζ8] where ζ8 = e , and the character χ8 mod 8, given by

 1 if a ≡ ±1 (mod 8),  χ8(a) = −1 if a ≡ ±3 (mod 8),  0 if a ≡ 0 (mod 2).